LEAP Authentication via LDAP

hoodbe
Level 1

I would like to use LEAP authentication for my WLAN users via an existing LDAP database, but have been told that this will not work because LDAP does not support any CHAP authentication protocols and this is what the Aironet APs use. I don't really understand this response, since it will be the ACS server talking to the LDAP server, not the AP. I thought the LDAP server is used only as a group/password database and the ACS server handles the interface to the access point.

Has anyone set up a similar architecture? Or, can anyone give me a more definitive explanation of why this would not work?

Regards,

Blake

2 Replies

dstuben
Level 1

You are correct, you can NOT use an LDAP database to authenticate. The problem is with the hashing algorithm. Other standards exist, but LEAP is Cisco proprietary and that is one of the issues. If you don't have a ton of users, maybe just create a local database file on your RADIUS server, that works great, or authenticate against an NT domain.

I wish to authenticate wireless users with LEAP and ACS 3.0 against an LDAP server.

The ACS User Guide specifies (page 1-9, table 1-2) that the password authentication protocol LEAP is not compatible with an LDAP database, the same as stated in the previous post of this thread.

However, in a recent TechTalk (Securing and Managing Your 802.11 Wireless Network) there were some questions related to this issue:

- Question 163: Can you proxy through a Cisco ACS server to a backend LDAP server for username and password authorization?

Answer 163: Absolutely. Please see the following URL: http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/ldcsa_wp.htm.

- Question 238: Can you support LEAP with a backend LDAP server?

Answer 238: yes!

- Question 301: When using LEAP, is the password stored in a Cisco ACS stored as a hash or something that can be stored in an LDAP server?

Answer 301: A hashed password is used, and LDAP does not have support for the hashing algorithm.

Is there any way to use this kind of authentication? Has anyone tried it? Can anyone clarify this point?

Thanks in advance

Javier
